TrapDoor malware poisons npm, PyPI and Crates to target devs
Socket found ‘TrapDoor’ malware in npm, PyPI and Crates — 34 packages, 384 versions — targeting crypto and AI developers to steal keys, tokens and hijack AI coding assistants.
Security platform Socket said it discovered a supply‑chain malware campaign it calls TrapDoor on Friday and published a detailed report on Sunday. The campaign has deployed 34 malicious packages and 384 versions across npm, PyPI and Crates, the package repositories for JavaScript/Node.js, Python and Rust respectively.
Socket’s analysis shows the packages are aimed at developers working on crypto, decentralized finance, artificial intelligence and security projects. The malware is designed to harvest wallet data, Secure Shell (SSH) keys, cloud credentials, GitHub tokens, browser extension data and API keys when a developer installs a compromised package.
Ahmad Nassri, Socket’s chief technology officer, identified targeted services that include Coinbase, Binance, Solana, Sui, Aptos and MetaMask, as well as the Brave browser. Socket’s analysis found code that injects hidden instructions to hijack AI coding assistants such as Claude and Cursor, attempting to trick those assistants into running fake “security scan” workflows that reveal secrets for exfiltration.
According to Socket, attackers chose package names that mimic legitimate developer tools — development helpers, project setup utilities, model routing and prompt engineering packages, Solidity tooling, and build helpers for Sui or Move — to increase the chance developers will install them. The firm reports that GitHub was used to host lure repositories and to distribute packages linked to the campaign.
Socket’s report describes the GitHub activity as showing rapid iteration in an AI‑assisted style: “broad security‑themed scaffolding, generic lure repositories, prompt‑injection documentation, and partially implemented extraction concepts mixed with working malware components.” The company added that the attackers have repeatedly pushed new releases across the three ecosystems to expand their reach and avoid detection.
The discovery comes after GitHub reported unauthorized access to internal repositories on May 20 following the compromise of an employee device; Socket did not directly link the incidents but noted the access as part of the broader context in which attackers exploit developer workflows to distribute poisoned packages.
TrapDoor covers multiple programming languages and package ecosystems, increasing the likelihood that developers will encounter a malicious component in normal workflows. Socket published technical details, indicators of compromise and patterns used by the malicious packages to help developers and security teams detect and remove the malware.
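One defender-side use of those published indicators is to check a project's pinned dependencies in all three ecosystems against them. The script below is an added example, not Socket's tooling; the package names in IOC_PACKAGES and the sample lockfile are constructed placeholders, to be replaced with the names and versions from Socket's report.

```python
"""Audit npm, PyPI and Cargo lockfiles against a published IoC package list.
Added example for this article, not Socket's tooling: IOC_PACKAGES holds
constructed placeholder names, to be replaced with the package names and
versions from Socket's TrapDoor report before real use."""
import json
import re

# Constructed placeholders: ecosystem -> package -> known-bad versions.
IOC_PACKAGES = {
    "npm": {"example-dev-helper": {"1.0.3", "1.0.4"}},
    "pypi": {"example-prompt-router": {"0.2.0"}},
    "crates": {"example-move-build": {"0.1.1"}},
}
# Constructed sample lockfile: an IoC package pinned at a catalogued version.
SAMPLE_PACKAGE_LOCK = ('{"packages": {"": {"name": "app"}, '
                       '"node_modules/example-dev-helper": {"version": "1.0.3"}}}')

def parse_package_lock(text):
    """{name: version} from package-lock.json (lockfileVersion 2 or 3)."""
    deps = {}
    for path, meta in json.loads(text).get("packages", {}).items():
        if "node_modules/" in path:  # the "" entry is the project itself
            deps[path.rsplit("node_modules/", 1)[1]] = meta.get("version", "")
    return deps

def parse_requirements(text):
    """{name: version} from a pinned requirements.txt (name==version lines)."""
    deps = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9_.-]+)\s*==\s*([^\s;#]+)", line)
        if m:
            deps[m.group(1).lower().replace("_", "-")] = m.group(2)
    return deps

def parse_cargo_lock(text):
    """{name: version} from Cargo.lock [[package]] tables."""
    deps = {}
    for block in text.split("[[package]]")[1:]:
        name = re.search(r'name\s*=\s*"([^"]+)"', block)
        ver = re.search(r'version\s*=\s*"([^"]+)"', block)
        if name and ver:
            deps[name.group(1)] = ver.group(1)
    return deps

def audit(ecosystem, deps, iocs=IOC_PACKAGES):
    """[(name, version, version_is_catalogued)] for each IoC package present at
    any version: the name is untrusted even if the pin is not yet catalogued."""
    return [(n, v, v in iocs[ecosystem][n]) for n, v in deps.items()
            if n in iocs[ecosystem]]
```

Because the campaign keeps publishing new versions of the same package names, the audit flags a listed name at any version and only uses the version list to say whether that particular pin is already catalogued.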